Commit 6b9fea4

fix: ensure uploaded files have safe filenames
1 parent f083cb8 commit 6b9fea4

1 file changed

Lines changed: 2 additions & 1 deletion

dadi/lib/controller/post.js

@@ -24,7 +24,8 @@ PostController.prototype.post = (req, res) => {
2424

2525
// Listen for event when Busboy finds a file to stream
2626
busboy.on('file', (fieldname, file, filename, encoding, mimetype) => {
27-
this.fileName = filename
27+
28+
this.fileName = filename.replace(/[^a-z0-9\-_.]+/gi, '_')
2829
this.mimetype = mimetype
2930

3031
file.on('data', (chunk) => {
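
Review bot: The character class in the new `this.fileName = filename.replace(/[^a-z0-9\-_.]+/gi, '_')` line still allows `.`, so a submitted name of `.` or `..`, or any leading-dot name such as `.htaccess`, passes through unchanged, and an empty name stays empty. Path separators are replaced, but whether a bare `..` is harmless depends on how `this.fileName` is later joined to the storage path, which is not visible in this hunk. Suggest also neutralising leading dots (for example a second `.replace(/^\.+/, '_')`) and rejecting or substituting a default when the result is empty. The blank line added above the assignment (new line 27) can be dropped. Separately, `PostController.prototype.post` is declared as an arrow function in the hunk header, so `this` in this callback is not the controller instance and `this.fileName` is not per-request state; worth confirming that concurrent uploads cannot overwrite each other's filename.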
